(19) Europäisches Patentamt
European Patent Office
Office européen des brevets

(11) EP 1 111 870 A2

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 27.06.2001 Bulletin 2001/26

(21) Application number: 00128166.6

(22) Date of filing: 21.12.2000

(51) Int Cl.7: H04L 29/06, H04L 12/46

(84) Designated Contracting States: AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR
Designated Extension States: AL LT LV MK RO SI

(30) Priority: 24.12.1999 JP 36585699

(71) Applicant: NEC CORPORATION, Tokyo (JP)

(72) Inventor: Serada, Teruharu, c/o NEC Corporation, Tokyo (JP)

(74) Representative: Betten & Resch, Postfach 10 02 51, 80076 München (DE)

(54) Communication method and communication system

(57) A communication method and a communication system can ensure security of communication between a portable type information terminal and a server storing demanded contents. The communication method performs transmission of encrypted data, with a predetermined protocol realizing a process for ensuring security in communication on a telephone network, between a portable type information terminal having a function of obtaining a content on a network and displaying the content and a gateway connected with the portable type information terminal through the telephone network, and performs tunneling process for the encrypted data between the gateway and a server storing the content on the network.

Description

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001] The present invention relates generally to a communication method and a communication system suitable for accessing the internet by means of a personal handy phone system (PHS), a cellular telephone and a portable type information terminal, such as a portable type computer or the like. More particularly, the invention relates to a communication method and a communication system which can enhance security in communication.

Description of the Related Art 

[0002] With the spread of the internet, chances to perform shopping on the world wide web (WWW), to deal with bank deposits and postal savings using a banking system on the internet, and to make various notifications on WWW are increasing. As a result, security of communication on a network system has come to the fore as a problem.

[0003] Fig. 9 shows a general construction of a conventional communication system using the internet. To the network 101, a plurality of computers 102_1 to 102_A, such as personal computers or the like, a plurality of conventional wireless telephony application (WTA) servers 103_1 to 103_B and a plurality of hypertext transfer protocol (HTTP) servers 104_1 to 104_C are connected. Gateways 105_1 to 105_D are also connected to the network 101. To these, portable type information terminals 107_1 to 107_F are connected via respective base stations 106_1 to 106_E. Here, A to F are arbitrary integers greater than or equal to two.

[0004] In such a communication system, for example, it is assumed that the first computer 102_1 accesses the WWW contents as data stored in the first conventional type WTA server 103_1. In this case, the first computer 102_1 designates a uniform resource locator (URL) of the WWW contents. Then, communication is performed for accessing contents on WWW using a communication protocol called hypertext transfer protocol (HTTP). Particularly, the first computer 102_1 transmits, as a request, the URL of a hypertext markup language (HTML) document desired to be displayed. The conventional type WTA server 103_1 or the HTTP servers 104_1 to 104_C transmit the corresponding HTML document to the first computer 102_1 as client. In this communication protocol, a connection has to be established to the conventional type WTA server 103_1 or the corresponding HTTP servers 104_1 to 104_C every time communication data is obtained, and the connection is broken upon completion of reception of the communication data.
[0005] Next, discussion will be given for the case where a first portable type information terminal 107_1, as one of the portable type information terminals 107_1 to 107_F, accesses the conventional type WTA server 103_1. In this case, between a first gateway 105_1 connected to the first portable type information terminal 107_1 and the conventional type WTA server 103_1, the communication protocol called HTTP is used, similarly to the case where the former computers 102_1 to 102_A access the conventional type WTA servers 103_1 to 103_B. In a wireless application protocol (WAP), a protocol called wireless session protocol (WSP) is used between the first gateway 105_1 and the first portable type information terminal 107_1.

[0006] Here, WAP is a protocol for obtaining internet information from the portable type information terminal using a telephone network. The information is obtained from WWW using a wireless markup language (WML) similar to HTML.

[0007] Fig. 10 shows a manner of communication between the computer in the communication system and the HTTP server. The computer 102 and the conventional type WTA server 103 perform communication of various data, such as data written in the description language HTML and data in graphic interchange format (GIF) or bitmap (BMP), using HTTP.

[0008] Fig. 11 shows a manner of communication between the portable type information terminal and the conventional type WTA server. Between the conventional type WTA server 103 and the gateway 105, communication similar to that between the computer 102 and the conventional type WTA server 103 as discussed with reference to Fig. 10 is performed. Between the portable type information terminal 107 and the gateway 105, a communication method different from that between the conventional type WTA server 103 and the gateway 105 is employed, in consideration of the small capacity of memory mounted in the portable type information terminal and/or the incapability of mounting a central processing unit (CPU) performing high speed operation, for saving power consumption and saving space. As the communication method in this zone, WAP set forth above has been attracting attention.

[0009] In WAP, the description language called HTML transmitted from the conventional type WTA server 103 is fed to the gateway 105. Then, display positions of images based on graphic interchange format (GIF) or the like are calculated. Then, data is modified into a form which can be actually displayed in one frame of the display on the portable type information terminal. The modified data is fed to the portable type information terminal 107 as binary data. At this time, transfer of data is performed using the protocol called wireless session protocol (WSP).

[0010] When information is transmitted using the above-mentioned network, it is required to consider security of communication. Between the computer 102 and the conventional type WTA server 103 shown in Fig. 10, security of communication is ensured by encryption and authentication using secure socket layer (SSL) or transport layer security (TLS). Here, SSL is a protocol realizing encrypting and authenticating functions at the socket level. TLS is the succeeding security protocol of SSL. Since these are substantially the same protocol, they are occasionally expressed as TLS/SSL. In the following discussion, the expression TLS/SSL will be used.
[0011] Between the portable type information terminal 107 and the conventional type WTA server 103 shown in Fig. 11, TLS/SSL is similarly used. On the other hand, between the portable type information terminal 107 and the gateway 105, a protocol called wireless transport layer security (WTLS) is used. This protocol has a function equivalent to TLS or the like as the standard of the internet and is optimized for the portable type information terminal 107. This protocol also has functions for encryption, authentication, compression and so forth.

[0012] By employing the encryption technology set forth above, security of communication data is ensured between the computer 102 and the conventional type WTA server 103 as shown in Fig. 10. Similarly, security of communication is also ensured between the portable type information terminal 107 and the conventional type WTA server 103 as shown in Fig. 11, between the gateway 105 and the conventional type WTA server 103, and between the portable type information terminal 107 and the gateway 105. However, in the latter communication system, the encrypted communication data is once decoded in the gateway 105 and again encrypted with another protocol. Accordingly, intervention of the gateway 105, as a third party other than the concerned parties in data transmission, is a weak point for ensuring security of communication.

[0013] A problem of ensuring security of communication in the gateway 105 may be considered separately in two points. The first point is the possibility that the gateway is attacked by a third party for tampering with or stealing communication data transmitted between the conventional type WTA server 103 and the portable type information terminal 107. The second point is the possibility of subjecting to undertook or tamper of data in unsecured condition by the manager of the gateway 105.

[0014] For the former problem, various proposals have been made in order to avoid it. For example, it has been proposed to prevent break-in by a malicious third party by employing a firewall, as proposed in Japanese Unexamined Patent Publication No. Heisei 10-200530, Japanese Unexamined Patent Publication No. Heisei 10-285216 and Japanese Unexamined Patent Publication No. Heisei 11-146016. However, the firewall is not always perfect, owing to the possibility of communication data transmission bypassing the network by way of tunneling process. On the other hand, for the latter problem, there is no way but merely relying on the morality of the manager of the gateway, since the encrypted communication data is decoded in the gateway for the next encryption.

[0015] Between the portable type information terminal 107 and the server on the network as set forth above, since the natures of the transmission paths up to the gateway at the midway are different, it is not possible to ensure end-to-end security of communication.

SUMMARY OF THE INVENTION

[0016] It is therefore an object of the present invention to provide a communication method and a communication system for ensuring security of communication between a portable type information terminal and a server storing demanded contents.

[0017] According to the first aspect of the present invention, a communication method comprises the steps of:

performing transmission of encrypted data, with a predetermined protocol realizing a process for ensuring security in communication on a telephone network, between a portable type information terminal having a function of obtaining a content on a network and displaying the content and a gateway connected with the portable type information terminal through the telephone network; and
performing tunneling process for the encrypted data between the gateway and a server storing the content on the network.

[0018] With the construction set forth above, by the tunneling process of the gateway transmitting the encrypted data from the portable type information terminal to the server as is, the process to once decode the encrypted data and again encrypt it adapting to the transmission line to the server becomes unnecessary, overcoming the weak point of the gateway in ensuring security in communication.

[0019] Data may be transmitted between the portable type information terminal and the gateway connected through the telephone network by a wireless session protocol, and data may be transmitted between the gateway and the server connected via an internet by an internet protocol.

[0020] In the particular method set forth above, WSP is employed as the communication protocol ensuring security in communication in the telephone network between the portable type information terminal and the gateway, and IP is employed as the communication protocol ensuring security in communication in the internet between the gateway and the server on the internet. Other communication protocols may also be employed as long as the security in communication can be ensured.

[0021] The gateway may perform a process including:

first step of transmitting the encrypted data from the portable type information terminal to the destination server through tunneling process; and
second step of transmitting a predetermined data transmitted from the server through tunneling process to the portable type information terminal.




[0022] The gateway may perform a process further including:

third step of making judgment whether the encrypted data of the portable type information terminal is adapted for tunneling process or not per each destination server, and the first step is executed when the encrypted data is judged as being adapted to tunneling process at the third step.

The gateway may perform a process further including:

third step of making judgment whether the encrypted data of the portable type information terminal is adapted for tunneling process or not per each destination server; and
fourth step of decoding the encrypted data from the portable type information terminal and encrypting data adapting to a transmission line to the server when the destination server is judged as not adapted for the tunneling process.

The gateway may make judgment whether the encrypted data is adapted to the tunneling process by monitoring a response to an access to the port number to be used for the tunneling process.

[0023] The server storing the contents on the network may include a first server transmitting the contents to the portable type information terminal connected to the telephone network, and a second server transmitting the contents to a terminal connected to a communication network other than the telephone network.

[0024] According to a communication system comprises:

a portable type information terminal including content demanding means for demanding contents on a network to obtain, display means for displaying the demanded content as received, encrypting means for transmitting data for obtaining the content through a telephone network with encryption, and decoding means for decoding the encrypted content transmitted from the telephone network;
a gateway connected with the portable type information terminal through the telephone network, performing tunneling process for feeding the encrypted data from the portable type information terminal to a destination server and feeding a predetermined data transmitted through tunneling process to the portable type information terminal; and
a server including decoding means for extracting data encrypted by the portable type information terminal from data transmitted from the gateway through tunneling process, data converting means for converting the contents demanded by the portable type information terminal into encrypted data which can be decoded by the decoding means of the portable type information terminal, and data transmitting means for performing tunneling process for the encrypted data from the data converting means for transmitting to the gateway.

[0025] With the construction set forth above, the portable type information terminal transmits data encrypted by the encrypting means upon demanding contents from the server on the network. The gateway receiving the encrypted data performs tunneling process to transmit the data to the destination server. The server is responsive to the data for extracting and decoding the data encrypted by the portable type information terminal, and converts the demanded contents into encrypted data which can be decoded by the decoding means of the portable type information terminal, to transmit to the gateway through the tunneling process. From the gateway, the encrypted data is transmitted to the portable type information terminal. By this, data passing through the gateway is held in encrypted form to ensure security in communication.

[0026] The gateway may comprise a route table describing whether each individual server is adapted for the tunneling process for the data encrypted by the portable type information terminal or not, and tunneling process non-adapted data transmitting means, active when the destination server is judged as not adapted for the tunneling process, for decoding the encrypted data from the portable type information terminal and encrypting data adapting to a transmission line to the server.

[0027] In the system set forth above, the process on the side of the gateway is different depending on whether each individual server is adapted to the tunneling process or not. Therefore, the table indicating, per each individual server, whether the server is adapted to the tunneling process or not is provided on the side of the gateway, for performing retrieval on the table at every occasion of demand for the contents from the portable type information terminal. When the server is adapted to the tunneling process, the encrypted data from the portable type information terminal is subject to tunneling process to be fed to the server as is. On the other hand, if the server is not adapted to the tunneling process, as in the prior art, the encrypted data from the portable type information terminal is once decoded and again encrypted adapting to the transmission line to the server. By providing different ways of process depending upon the server, the present invention is applicable even if servers not adapted to the tunneling process remain on the network.

[0028] The gateway may make judgment whether each individual server is adapted for the tunneling process for the data encrypted by the portable type information terminal or not by monitoring a response to access for a port number to be used in tunneling process.

[0029] With the process set forth above, even if the gateway is not provided with the table or when the destination server is not contained in the table, judgment whether the server is adapted to the tunneling process or not can be done by actually accessing the port number to be used in the tunneling process: the server is judged as adapted if a response is received, and judgment is made that the server is not adapted to the tunneling process otherwise.

[0030] Data may be transmitted between the portable type information terminal and the gateway connected through the telephone network by a wireless session protocol, and data is transmitted between the gateway and the server connected via an internet by an internet protocol.

[0031] In the particular method set forth above, WSP is employed as the communication protocol ensuring security in communication in the telephone network between the portable type information terminal and the gateway, and IP is employed as the communication protocol ensuring security in communication in the Internet between the gateway and the server on the Internet. Other communication protocols may also be employed as long as the security in communication can be ensured.

[0032] The server storing the contents on the network may include a first server transmitting the contents to the portable type information terminal connected to the telephone network, and a second server transmitting the contents to a terminal connected to a communication network other than the telephone network.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0033] The present invention will be understood more fully from the detailed description given hereinafter and from the accompanying drawings of the preferred embodiment of the present invention, which, however, should not be taken to be limitative to the invention, but are for explanation and understanding only.

[0034] In the drawings:

Fig. 1 is a diagrammatic illustration showing a system construction showing an outline of the preferred embodiment of a communication system according to the present invention;
Fig. 2 is an explanatory illustration showing a principle of the shown embodiment of the communication method in the case where the conventional WTA servers are completely replaced with the preferred embodiment of WTA servers;
Fig. 3 is an explanatory illustration showing a principle of the shown embodiment of the communication method in the case where both of the shown embodiment of the WTA servers and the conventional WTA servers are present;
Fig. 4 is an illustration showing a general construction, in which a part of the shown embodiment of the communication system is illustrated in particular form;
Fig. 5 is a flowchart showing a major part of flow of process operation of the shown embodiment of the gateway;
Fig. 6 is an explanatory illustration showing a flow of data in the case of feeding of data to new type WTA server in the shown embodiment;
Fig. 7 is a flowchart showing flow of operation for determining destination of data fed from a first portable type information terminal to the gateway in the shown embodiment;
Fig. 8 is an illustration showing a general construction showing a part of communication system in a modification of the present invention;
Fig. 9 is an illustration showing a system construction showing a general construction of the conventional communication system using internet;
Fig. 10 is an explanatory illustration showing a manner of communication between a computer and a HTTP server; and
Fig. 11 is an explanatory illustration showing a manner of communication between a portable type information terminal and the conventional type WTA server.

DESCRIPTION OF THE PREFERRED EMBODIMENT

[0035] The present invention will be discussed hereinafter in detail in terms of the preferred embodiment of the present invention with reference to the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be obvious, however, to those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures are not shown in detail in order to avoid unnecessary obscurity of the present invention.

[0036] Fig. 1 shows an outline of the preferred embodiment of a communication system according to the present invention. In Fig. 1, like components to those in Fig. 9 are identified by like reference numerals, and detailed discussion for these components will be omitted in order to avoid redundant discussion, keeping the disclosure simple enough to facilitate clear understanding of the present invention. To a network 101, in addition to the conventional type WTA servers 103_1 to 103_B, the preferred embodiment of WTA servers 203_1 to 203_G are connected. The preferred embodiment of the WTA servers 203_1 to 203_G are servers cooperating with gateways 204_1 to 204q for enhancing security of communication on WWW, and partly differ in construction and function from the conventional type WTA servers 103_1 to 103_B. It should be noted that when the communication system is completely replaced with the system for ensuring security of communication according to the present invention, the conventional type WTA servers 103_1 to 103_B are removed and only the preferred embodiment of the WTA servers 203_1 to 203_G are present on the network.

[0037] Fig. 2 shows a principle of a communication method in the case where all of the conventional WTA servers are replaced with the preferred embodiment of the WTA servers. In the shown embodiment, communication between the portable type information terminal 107 and the gateway 204 is performed using a protocol called wireless session protocol (WSP). Between the gateway 204 and the shown embodiment of the WTA server 203, a protocol called internet protocol (IP) is used. In the shown embodiment, WSP is used for ensuring security of communication. Communication between the gateway 204 and the shown embodiment of the WTA server 203 is done by tunneling process.

[0038] Fig. 3 shows a principle of a communication method in the case before complete transition to a new system, where the conventional type WTA servers and the preferred embodiment of the WTA servers are present in admixed manner. There are two ways of communication: where the portable type information terminal 107 communicates with the shown embodiment of the WTA server 203, and where the portable type information terminal 107 communicates with the conventional type WTA server 103. Upon communication with the shown embodiment of the WTA server 203, communication in the zone between the gateway 204 and the shown embodiment of the WTA server 203 is done by the tunneling process discussed in Fig. 2. When the portable type information terminal 107 is in communication with the conventional type WTA server 103, the communication is completely the same as that discussed with respect to Fig. 11.

[0039] Namely, the gateway 204 used in the shown embodiment requires switching means 211 for switching the process shown in Fig. 3 between the new system and the conventional system in the stage before completely transiting to the new system for ensuring security in communication. Also, similarly to the conventional gateway 105 (see Fig. 9), it requires means for once decoding the communication data encrypted in one protocol and encrypting the decoded communication data in the other protocol.

[0040] A route determining portion 212 determines whether the communication data transmitted from the portable type information terminal 107 to the gateway 204 is transmitted to the shown embodiment of the WTA server 203 or to the conventional type WTA server 103. The route determining portion 212 incorporates a route table 213 to select a route on the basis of past results of judgment written in the route table 213. When a server not written in the route table 213 is designated as destination to access, investigation is made on site whether the designated server is the shown embodiment of the WTA server 203 or the conventional type WTA server 103, to determine a route, and the result is reflected on the route table 213. The WTA servers 103 and 203 are present in huge number over the world. Therefore, a history of the WTA servers dealt with by the gateway 204 in the past is maintained to be used in determination of the route in the second and subsequent occasions, to prevent excessive increase of data amount in the route table 213.
[0041] Fig. 4 shows a particular construction of the shown embodiment of the communication system. The portable type information terminal (client) 107 is connected to a mobile communication network 222 through a communication line 221. Here, the communication line 221 is not necessarily a radio communication line but can be a wired communication line. Between the mobile communication network 222 and the gateway 204, another communication line 223 is connected. The gateway 204 is connected to the network 101. To the network 101, the preferred embodiment of the WTA servers (new WTA servers) 203 are connected in addition to the conventional type WTA servers (old WTA servers) 103.

[0042] The gateway 204 is provided with a wireless application environment (WAE) processing portion 231, a wireless session protocol (WSP) processing portion 232, a wireless transport protocol (WTP) processing portion 233, a wireless transport layer security protocol (WTLS) processing portion 234, a wireless datagram protocol (WDP) processing portion 235, a contents processing portion 236, a hyper text transfer protocol (HTTP) processing portion 237, a transport layer security (TLS) processing portion 238, a transmission control protocol (TCP) processing portion 239, and an internet protocol (IP) processing portion 240. Operation of these processing portions will be discussed later. The gateway 204 per se is constructed with a central processing unit (CPU), a storage medium storing a program to be executed by the CPU, a working memory temporarily storing various data, and communication means performing input and output of data. This hardware construction is well known and omitted from illustration.

[0043] The conventional type WTA server 103 is constructed with a content processing portion 251, a HTTP processing portion 252, a TLS processing portion 253, a TCP processing portion 254 and an IP processing portion 255. On the other hand, the shown embodiment of the WTA server 203 is constructed with a contents processing portion 261, a WSP processing portion 262, a WTP processing portion 263, a WTLS processing portion 264, a TCP processing portion 265 and an IP processing portion 266. The conventional type WTA server 103 and the shown embodiment of WTA server 203 are also constructed, like the gateway 204, with a CPU, the storage medium storing the program, a working memory and the like. Hardware of these is also omitted from illustration.

[0044] Fig. 5 illustrates the major portion of flow of processing operation of the shown embodiment of the gateway. The foregoing CPU of the gateway 204 receives data for obtaining contents from any one of the portable type information terminals 107_1 to 107_F as client (step S281: Y). The received data is fed to the WDP processing portion 235 to be processed therein (step S282). The protocol (wireless datagram protocol: WDP) handled by the WDP processing portion 235 defines a procedure serving as a base for performing data communication using various types of communication network. The WDP processing portion 235 performs this process and performs discrimination of the kind of WTA server as destination of the data transmitted from the client.
[0045] For example, it is assumed that the data is to be transmitted to the conventional type WTA server 103. In this case (step S283: N), at first WTLS process by the WTLS processing portion 234, WTP process by the WTP processing portion 233, WSP process by the WSP processing portion 232 and WAE process by the WAE processing portion 231 are performed (step S284). Here, WAE process is a process of wireless markup language (WML) as a markup language for describing documents similar to HTML, WML script as a script language similar to Java script, wireless telephony application (WTA) of telephony service, wireless telephony application interface (WTAI) as its interface, and so forth.

[0046] Next, the result of process of the WAE processing portion 231 is transferred to the contents processing portion 236 to perform data conversion (step S285). The result of process of the WSP processing portion 232 is transferred to the HTTP processing portion 237 to perform data conversion (step S286). Finally, the data thus converted is transmitted to the conventional type WTA server 103 as destination of transmission (step S288) via the TLS processing portion 238, the TCP processing portion 239 and the IP processing portion 240 (step S287).
[0047] On the contrary, when judgment is made that 
the received data is to be transmitted to the new type 
WTA server 203 (Y), the WDP processing portion 235 
transfers data to the TCP processing portion (step 
S289). After processing of the TCP processing portion, 
IP processing is performed by the IP processing portion 
(step S290). Then, after those processings, the data is 
transmitted to the new type WTA server 203 (step 
S288). 

[0048] Namely, when judgment is made that the received
data is to be transmitted to the conventional type
WTA server 103 (step S283: N), the encrypted data is,
as in the prior art, decoded into the original WSP data
and transmitted to the destination after conversion into
HTTP data. In contrast to this, if judgment is made that
the received data is to be transmitted to the new type WTA
server 203 (step S283: Y), the gateway 204 transmits
the data to the destination with IP process and without
decoding the encrypted data. By this, security of
communication in the gateway can be ensured.

[0049] It should be noted that while general discussion
has been given for the case where data is transmitted
from the portable type information terminal 107 as
the client to the WTA server 103 or 203 in Fig. 5, the
flow is reversed in the case where data is transmitted from
the WTA server 103 or 203 to the portable type information
terminal 107.

[0050] Fig. 6 shows more particularly the case where
data is transmitted to the new type WTA server. The
following discussion will be given in terms of the case
where the first portable type information terminal 107_1
as client obtains a desired content from the new type
first WTA server 203_1. In the first portable type
information terminal 107_1, the user inputs URL to obtain
the content. Here, it is assumed that URL 301
"http://foo.com/bar.html" is input. In the WSP processing
portion 262, the input URL is converted into a byte string
encoded in hexadecimal to store in WSP header 303 forming
data 302 to be transmitted. At this time, since the first
portable type information terminal 107_1 only notifies the
URL, no data is stored in the portion of the WSP data 304.
A particular example of data to be stored in the WSP header
303 is encoded data of the text
"GET http://foo.com/bar.html Accept-Language: en". Here,
"Accept-Language: en" represents that the kind of language
to be displayed on the side of the first portable
type information terminal is "en".

[0051] In the WTP processing portion 263, data 302
thus prepared is incorporated in the portion of the WTP
data 305; also, data such as address of destination or
port number or the like is incorporated in the portion of
the WTP header 306. Then, the data 307 is transferred
to the WTLS processing portion 264. In the WTLS
processing portion 264, a process for ensuring security
of communication, such as encryption of data 307, adding
message authentication code, such as by public key
or the like, is performed to obtain WTLS data 308. Then,
data 310, to which the WTLS header 309 is added, is
transferred to the WDP processing portion 269.

[0052] In the WDP processing portion 269, data 310 
is contained in a portion of the WDP data 311. In the 
portion of the WDP header 312, the header information 
enabling process in the telephone network is included 
and transmitted to the telephone network as data 313. 
[0053] In the gateway 204, data 313 is received
through the telephone network. Then, the received data
is transferred to the WDP processing portion 235. The
WDP processing portion 235 performs the reverse of
the process performed on the side of the first portable
type information terminal 107_1 to return to data in the
WTLS layer and determines the destination server
on the basis of the WTLS header 321. Then, when judgment
is made that the destination server is one of the
new type WTA servers 203_1 to 203_G, tunneling process
is performed. Therefore, data 323 formed from the WTLS
header 321 and the WTLS data 322 is transferred to the TCP
processing portion 239 as TCP data without decoding
and encrypting process. Namely, in this case, without
performing the process for once decoding the data
encrypted on the side of the first portable type information
terminal 107_1 and again encrypting for the network 101
as required in the case where one of the conventional type
WTA servers 103_1 to 103_B is designated as destination,
the data encrypted on the side of the first portable type
information terminal 107_1 is directly transmitted to the
TCP processing portion 239.

[0054] In the TCP processing portion 239, data 323
consisting of WTLS header 321 and WTLS data 322 is
taken as TCP data 324 to be transferred to the IP
processing portion 240 as data 326 with the TCP
header 325 added. In the IP processing portion 240, this
data 326 is taken as the IP data 327 to be transmitted to
the network 101 as data 329 with the IP header 328 added.

[0055] In the first WTA server 203_1, the arriving data
329 is received by the IP processing portion 266 to perform
processes in the TCP processing portion 265, the
WTLS processing portion 264, the WTP processing portion
263 and the WSP processing portion 262, which are the
reverse of those performed in the first portable
type information terminal 107_1. Therefore, discussion
for the particular process will be omitted. At the midway
of the shown process, verification of the decoded message
secret identification code is performed in the
WTLS processing portion 264. Then, finally, WSP
processing portion 262 obtains URL 301 of
"http://foo.com/bar.html" to know that the first portable
type information terminal 107_1 requires obtaining of this URL.

[0056] Then, the first WTA server 203_1 feeds data
indicative of the contents of the URL toward the first
portable type information terminal 107_1 via the gateway 204
as WSP data 304. At this time, the WTLS processing
portion 264 performs process for ensuring security of
communication by adding the message authentication
code in the similar manner as done by the WTLS
processing portion 264 of the first portable type information
terminal 107. Thereafter, the IP processing portion
266 performs IP process for the WSP data 304 to transmit
to the network 101 as data 329. The data 329 thus
transmitted is received by the gateway 204. In the IP
processing portion 240 of the gateway 204, TCP data
324 and the TCP header 325 are reproduced from an
IP data 327 contained in the data 329. Also, in the TCP
processing portion 239, data 323 consisting of WTLS
header 321 and WTLS data 322 is reproduced. Furthermore,
in the WDP processing portion 269, the WDP data
311 and the WDP header 312 are reproduced. Data 323
indicative of these is transmitted to the first portable type
information terminal 107_1 via the telephone network.

[0057] In the first portable type information terminal
107_1, the processes in the respective portions are performed
in reverse to verify the message authentication code by
decoding in the WTLS processing portion 264. Thereafter,
the content of URL 301, "http://foo.com/bar.html", is
obtained and reproduced.

[0058] It should be noted that in Fig. 6, the portion
shown with halftone dots represents data in a condition
where security of data is ensured by the process for
ensuring security of communication. Since the data is
maintained in encrypted condition at the portion of the
gateway 204, it becomes possible to protect the content
from external break-in, and the content cannot be seen by
the manager of the gateway 204.

[0059] Fig. 7 shows a flow of operation on the side of
gateway for determining destination of data transmitted
from the first portable type information terminal in the
particular process as set forth above. This is the process
to be a base of judgment at step S283 in Fig. 5. As set
forth in terms of Fig. 6, the WDP processing portion 269
discriminates the kind of the WTA server as destination
of the data from one of the portable type information
terminals 107_n. For discrimination process, the route table
213 shown in Fig. 3 is used. CPU in the gateway 204
checks whether the relevant destination WTA server
has been written therein (step S341). If present, if the
information written in connection with the WTA server in
question indicates that the WTA server in question is the
conventional type, the judgment at step S283 of Fig. 5
is made as not the new type WTA server (N), and otherwise
as the new type WTA server (Y).

[0060] If judgment is made that the destination WTA
server is not written in the route table 213 at step S341
of Fig. 7, the gateway 204 actually accesses the server
to discriminate the type thereof (step S342). When the
destination WTA server is to perform the tunneling process,
if the port number to be used actually in the tunneling
process is accessed, a response thereto is returned;
if the port number is not for the tunneling
process and thus indicates a normal server, no response
is returned even when the port number is accessed.
Therefore, utilizing this fact, type of the WTA server may
be judged. More particularly, check is performed whether
a response is delivered within a given period after
accessing the port number of the destination WTA server.
If response is returned within the given period, then
judgment is made that the destination WTA server is the
new type WTA server which performs tunneling process,
and otherwise that the destination WTA server is the old
type WTA server. The result of judgment is written in the
route table (step S343). By this, in the next and subsequent
times, if this WTA server is designated as destination,
the type of the server can be seen by retrieval of
the route table 213.
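
The gateway decision of Figs. 5 and 7 (steps S283 and S341 to S343), sketched as an added example that is not part of the patent. All names, the port value, the timeout and the use of a TCP connect as the probe are assumptions; the WTLS record is treated as opaque bytes.

```python
import socket
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional

TUNNEL_PORT = 49152      # hypothetical; the patent names no port number
PROBE_TIMEOUT = 2.0      # the "given period" of [0060], value assumed


class ServerType(Enum):
    CONVENTIONAL = "conventional"  # S283: N -> gateway decodes and re-encrypts
    TUNNELING = "tunneling"        # S283: Y -> gateway forwards ciphertext as is


def tcp_probe(host: str, port: int, timeout: float) -> bool:
    """S342: access the tunneling port; True if it answers within `timeout`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, unreachable or timed out
        return False


@dataclass
class Forwarded:
    server_type: ServerType
    payload: Optional[bytes]       # bytes handed to the TCP layer when tunneling
    gateway_sees_plaintext: bool


@dataclass
class Gateway:
    probe: Callable[[str, int, float], bool] = tcp_probe
    route_table: Dict[str, ServerType] = field(default_factory=dict)

    def classify(self, host: str) -> ServerType:
        known = self.route_table.get(host)          # S341: route table lookup
        if known is not None:
            return known
        answered = self.probe(host, TUNNEL_PORT, PROBE_TIMEOUT)   # S342
        kind = ServerType.TUNNELING if answered else ServerType.CONVENTIONAL
        self.route_table[host] = kind               # S343: remember the result
        return kind

    def forward(self, host: str, wtls_record: bytes) -> Forwarded:
        if self.classify(host) is ServerType.TUNNELING:
            # S289-S290: WTLS header + data become the TCP payload unchanged.
            return Forwarded(ServerType.TUNNELING, wtls_record, False)
        # S284-S287: WTLS is terminated at the gateway, which therefore holds
        # plaintext before re-encryption; the conversion itself is not modeled.
        return Forwarded(ServerType.CONVENTIONAL, None, True)
```

In this logic a probe that times out for any reason records the server as conventional, after which its traffic is decoded at the gateway until the route table entry is changed.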

Modification 

[0061] Fig. 8 shows a condition where a general HTTP
server is present in addition to the WTA server according
to the present invention, in the network. In Fig.
8, like components to those in Figs. 4 and 9 are identified
by like reference numerals and detailed discussion for
these components will be omitted in order to avoid
redundant discussion for keeping the disclosure simple
enough to facilitate clear understanding of the present
invention. In general, the WTA server 203 and
the HTTP server 104 have many common functions; both
receive URL and return the corresponding contents.
There is no difference in the functions and protocols.
However, the kind of contents to be returned differs
partly. In case of the WTA server 203, it is
premised that the WTA server is connected to the telephone
network, and the contents to be handled are a message
registered in an answering telephone service center
and other particular contents. In case of the HTTP
server, such restriction is not present, and various
contents can be handled.

[0062] Accordingly, the portable type information
terminals 107_1 to 107_F may be connected not only to the
WTA server 203 but also to the HTTP server as long as
it is connected to the communication network other than
the telephone network, via the gateway 204. Also, by
application of the present invention, security in
communication at the gateway 204 can be ensured.
[0063] As set forth above, since the present invention
is designed to perform tunneling process for transferring
the encrypted data transmitted from the portable
type information terminal to the gateway, it makes it
unnecessary to decode once and encrypt adapting to the
next transmission line in the gateway to the load.

[0064] On the other hand, with the present invention,
since the portable type information terminal transmits
the data encrypted by encrypting means in response to
the demand for the contents the server, on the network,
and since the encrypted data is transmitted to the
destination WTA server through the tunneling process,
it can eliminate necessity of decoding and encrypting
hardware in the gateway to the next transmission line
for reducing the gateway.

[0065] In addition, according to the present invention,
since the route table indicates whether each individual
server is adapted to the tunneling process, quick data
transmission can be performed by making the content
of the route table complete.

[0066] Furthermore, with the present invention, since 
check is performed whether the tunneling process can 
be done or not, the tunneling process can be effectively 
used even when the server is newly adapted for tun- 
neling process during process. 



Claims 

1. A communication method comprising the steps of:

performing transmission of an encrypted data 
with a predetermined protocol realizing process 
for ensuring security in communication on a tel- 
ephone network between a portable type infor- 
mation terminal having a function obtaining a 
content on a network and displaying the content 
and a gateway connected with said portable 
type information terminal through said tele- 
phone network; and 

performing tunneling process for the encrypted 
data between said gateway and a server stor- 
ing said content on said network. 

2. A communication method as set forth in claim 1,
wherein data is transmitted between said portable
type information terminal and said gateway connected
through said telephone network by a wireless
session protocol, and data is transmitted between
said gateway and said server connected via
an internet by an internet protocol.

3. A communication system comprising:

a portable type information terminal including
content demanding means for demanding contents
on a network to obtain, display means for
displaying the demanded content as received,
encrypting means for transmitting data for obtaining
the content through a telephone network
with encryption, decoding means for decoding
said content with encryption transmitted
from said telephone network;

a gateway connected with said portable type
information terminal through said telephone network,
performing tunneling process for feeding
the encrypted data from said portable type
information terminal to a destination server and
feeding a predetermined data transmitted
through tunneling process to said portable type
information terminal; and

a server including decoding means for extracting
data encrypted by said portable type information
terminal from data transmitted from said
gateway through tunneling process, data converting
means for converting the contents demanded
by said portable type information terminal
into an encrypted data which can be decoded
by decoding means of said portable type
information terminal and data transmitting
means for performing tunneling process for the
encrypted data from said data converting
means for transmitting to said gateway.

4. A communication system as set forth in claim 3,
wherein said gateway comprises a route table storing
data indicative whether each individual server
is adapted for the tunneling process for the data
encrypted by said portable type information terminal
or not, and tunneling process non-adapted data
transmitting means active when the destination
server is judged as not adapted for the tunneling
process, for decoding the encrypted data from said
portable type information terminal and encrypting
data adapting to a transmission line to said server.

5. A communication system as set forth in claim 3,
wherein said gateway makes judgment whether
each individual server is adapted for the tunneling
process for the data encrypted by said portable type
information terminal or not by monitoring a response
to access for a port number to be used in
tunneling process.

6. A communication system as set forth in claim 3,
wherein data is transmitted between said portable
type information terminal and said gateway connected
through said telephone network by a wireless
session protocol, and data is transmitted between
said gateway and said server connected via
an internet by an internet protocol.

7. A communication method as set forth in claim 1,
wherein said gateway performs a process including:

first step of transmitting the encrypted data
from said portable type information terminal to
said destination server through tunneling process;
and

second step of transmitting a predetermined
data transmitted from said server through tunneling
process to said portable type information
terminal.

8. A communication method as set forth in claim 7,
wherein said gateway performs a process further
including:

third step of making judgment whether the encrypted
data of said portable type information terminal
is adapted for tunneling process or not per
each destination server, and said first step is executed
when the encrypted data is judged as being
adapted to tunneling process at third step.

9. A communication method as set forth in claim 7,
wherein said gateway performs a process further
including:

third step of making judgment whether the encrypted
data of said portable type information
terminal is adapted for tunneling process or not
per each destination server; and

fourth step of decoding the encrypted data from
said portable type information terminal and encrypting
data adapting to a transmission line to
said server when the destination server is
judged as not adapted for the tunneling process.

10. A communication method as set forth in claim 8,
wherein said gateway makes judgment whether
said encrypted data is adapted to the tunneling
process by monitoring a response with accessing a
port number to be used upon the tunneling process.

11. A communication method as set forth in claim 1,
wherein said server storing the contents on said
network includes a first server transmitting said contents
to said portable type information terminal connected
to said telephone network, and a second
server transmitting said contents to a terminal connected
to a communication network other than said
telephone network.

12. A communication system as set forth in claim 3
wherein said server storing the contents on said
network includes a first server transmitting said contents
to said portable type information terminal connected
to said telephone network, and a second
server transmitting said contents to a terminal connected
to a communication network other than said
telephone network.

13. A computer program comprising computer-executable
instructions for carrying out a method according
to any of claims 1, 2 or 7 to 11.